Most Internet Service Providers (ISPs) providing cable, telecommunication, and Internet services to commercial and enterprise customers in different locations across a large geographic area (e.g., a continent) use a variety of security measures to ensure that Internet packets used to provide these services are not disrupted as they traverse the ISP's Internet backbone. The ISP's Internet backbone typically comprises one or more autonomous systems (ASs) that are connected using one or more routers and switches placed throughout the geographic area where the ISP provides service to its customers. The ASs provide service to different regions (i.e., sites) of the geographic area by routing packets between devices connected to the different ASs. In many instances, an ISP may assign one or more devices within the same AS or across different ASs to a virtual private network (VPN). For example, an ISP may assign all devices (e.g., computers, mobile devices, and/or servers) used within a company to a VPN so that Internet packets traveling between these devices are not routed through the ISP's Internet backbone along with customer Internet packets. The VPN may be assigned one or more private (i.e., only accessible to the company) Internet connections between one or more routers and switches that may be used to connect the company devices. When a company device (e.g., laptop computer) in the VPN wants to access another device (e.g., server hosting a database) in the VPN, the one or more routers and switches may route one or more packets from the laptop computer to the server to access the database. Similarly the router may route one or more packets generated by the database on the server to the laptop computer. However, when the laptop attempts to access another device (e.g., server hosting a website) that is not assigned to the same VPN, the one or more routers and switches oftentimes route the one or more packets received from the laptop through a pair of firewalls (i.e., firewall pair) which in turn forwards the packet to the server hosting the website. The one or more packets are routed through the firewall pair to filter (i.e., prevent) unsolicited access to the devices in the VPN. For example, if the server hosting the website sends one or more packets to the firewall pair, and the laptop did not request the packets, the firewall pair will not forward the packets to the laptop.
Because an ISP's Internet backbone may cover a large geographic area, there may be a firewall pair at each site. Currently, firewall pairs are used to filter packets from one or more devices in one VPN destined for one or more devices in another VPN or one or more devices connected to the Internet that do not belong to a VPN. However, existing implementations of autonomous systems that employ firewall pairs, routers, and switches do not perform adequately when a firewall pair at a first site does not work properly. Consequently, when a firewall pair at a first site does not work properly, some packets that are routed through the firewall pair from devices in one VPN to devices that are not in the VPN may not be delivered. When this happens, none of the devices on either side of the VPN are able to communicate with one another. As a result, users of the devices may be without access to the Internet, phone or video services, and/or other multimedia services.